99° Helpers for TYPO3

Db::quote()

\nn\t3::Db()->quote(`$value = ''`);

A replacement for the mysqli_real_escape_string() method.

Should only be used in an emergency for low-level queries. It is better to use preparedStatements.

Only works with SQL, not with DQL.

$sword = \nn\t3::Db()->quote('test'); // => 'test'
$sword = \nn\t3::Db()->quote("test';SET"); // => 'test\';SET'
$sword = \nn\t3::Db()->quote([1, 'test', '2']); // => [1, "'test'", '2']
$sword = \nn\t3::Db()->quote('"; DROP TABLE fe_user;#');

@param string|array $value

@return string|array

Source Code public function quote( $value = '' )
{
	if (is_array($value)) {
		foreach ($value as &$val) {
			if (!is_numeric($val)) {
				$val = $this->quote($val);
			}
		}
		return $value;
	}
	return $this->getConnection()->quote( $value );
}        
        Copied!
    